feat: add window manager options

system/dev/dn-pre7780/default.nix

@@ -12,9 +12,8 @@ in
   systemConf = {
     inherit hostname username;
     enableHomeManager = true;
+    windowManager = "niri";
     nvidia.enable = true;
-    hyprland.enable = false;
-    niri.enable = true;
     sddm.package = (
       pkgs.sddm-astronaut.override {
         embeddedTheme = "purple_leaves";

system/dev/dn-pre7780/services/default.nix

@@ -1,7 +1,6 @@
 {
   imports = [
     ../../../modules/postgresql.nix
-    # ./mail.nix
     ./nginx.nix
     # ./pangolin.nix
   ];

system/dev/dn-pre7780/services/mail.nix

@@ -1,205 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}:
-let
-  inherit (lib) mkIf;
-  inherit (config.networking) domain;
-  mkCondition = (
-    condition: ithen: ielse: [
-      {
-        "if" = condition;
-        "then" = ithen;
-      }
-      { "else" = ielse; }
-    ]
-  );
-
-  rspamdWebPort = 11333;
-  rspamdPort = 31009;
-  fqdn = "mx1.dnywe.com";
-
-  rspamdSecretFile = config.sops.secrets."rspamd".path;
-  rspamdSecretPath = "/run/rspamd/rspamd-controller-password.inc";
-in
-{
-  networking.firewall.allowedTCPPorts = [ 8080 ];
-
-  imports = [
-    (import ../../../modules/stalwart.nix {
-      inherit domain;
-
-      enableNginx = false;
-      adminPassFile = config.sops.secrets."stalwart/adminPassword".path;
-      certs."default" = {
-        default = true;
-        cert = "%{file:${config.security.acme.certs.${fqdn}.directory}/cert.pem}%";
-        private-key = "%{file:${config.security.acme.certs.${fqdn}.directory}/key.pem}%";
-      };
-      ldapConf = {
-        type = "ldap";
-        url = "ldaps://ldap.net.dn";
-        tls.enable = true;
-        timeout = "30s";
-        base-dn = "ou=people,dc=net,dc=dn";
-        attributes = {
-          name = "uid";
-          email = "mail";
-          email-alias = "mailRoutingAddress";
-          secret = "userPassword";
-          description = [
-            "cn"
-            "description"
-          ];
-          class = "objectClass";
-          groups = [ "memberOf" ];
-        };
-        filter = {
-          name = "(&(objectClass=inetOrgPerson)(|(uid=?)(mail=?)(mailRoutingAddress=?)))";
-          email = "(&(objectClass=inetOrgPerson)(|(mailRoutingAddress=?)(mail=?)))";
-        };
-        bind = {
-          dn = "cn=admin,dc=net,dc=dn";
-          secret = "%{file:${config.sops.secrets."stalwart/ldap".path}}%";
-          auth = {
-            method = "default";
-          };
-        };
-      };
-    })
-  ];
-
-  services.stalwart-mail.settings.spam-filter.enable = !config.services.rspamd.enable;
-
-  services.stalwart-mail.settings.session.milter."rspamd" = mkIf config.services.rspamd.enable {
-    enable = mkCondition "listener = 'smtp'" true false;
-    hostname = "127.0.0.1";
-    port = rspamdPort;
-    stages = [
-      "connect"
-      "ehlo"
-      "mail"
-      "rcpt"
-      "data"
-    ];
-    tls = false;
-    allow-invalid-certs = false;
-    options = {
-      tempfail-on-error = true;
-      max-response-size = 52428800; # 50mb
-      version = 6;
-    };
-  };
-
-  services.rspamd = {
-    enable = true;
-    locals = {
-      "redis.conf".text = ''
-        servers = "${config.services.redis.servers.rspamd.unixSocket}";
-      '';
-      "classifier-bayes.conf".text = ''
-        backend = "redis";
-        autolearn = true;
-      '';
-      "dkim_signing.conf".text = ''
-        enabled = false;
-      '';
-      "milter_headers.conf".text = ''
-        enabled = true;
-        extended_spam_headers = true;
-        skip_local = false;
-        use = ["x-spamd-bar", "x-spam-level", "x-spam-status", "authentication-results", "x-spamd-result"];
-        authenticated_headers = ["authentication-results"];
-      '';
-    };
-    localLuaRules =
-      pkgs.writeText "rspamd-local.lua"
-        # lua
-        ''
-          -- Temporary fix for double dot issue rspamd#5273
-          local lua_util = require("lua_util")
-
-          rspamd_config.UNQUALIFY_SENDER_HOSTNAME = {
-            callback = function(task)
-              local hn = task:get_hostname()
-              if not hn then return end
-              local san_hn = string.gsub(hn, "%.$", "")
-              if hn ~= san_hn then
-                task:set_hostname(san_hn)
-              end
-            end,
-            type = "prefilter",
-            priority = lua_util.symbols_priorities.top + 1,
-          }
-        '';
-    workers = {
-      rspamd_proxy = {
-        type = "rspamd_proxy";
-        includes = [ "$CONFDIR/worker-proxy.inc" ];
-        bindSockets = [
-          "*:${toString rspamdPort}"
-        ];
-        extraConfig = ''
-          self_scan = yes;
-        '';
-      };
-      controller = {
-        type = "controller";
-        includes = [
-          "$CONFDIR/worker-controller.inc"
-        ];
-        extraConfig = ''
-          .include(try=true; priority=1,duplicate=merge) "${rspamdSecretPath}"
-        '';
-        bindSockets = [ "127.0.0.1:${toString rspamdWebPort}" ];
-      };
-    };
-    overrides."whitelist.conf".text = ''
-      whiltelist_from {
-        ${domain} = true;
-      }
-    '';
-  };
-
-  systemd.services.rspamd = mkIf config.services.rspamd.enable {
-    path = [
-      pkgs.rspamd
-      pkgs.coreutils
-    ];
-    serviceConfig = {
-      ExecStartPre = [
-        "${pkgs.writeShellScript "generate-rspamd-passwordfile" ''
-          RSPAMD_PASSWORD_HASH=$(rspamadm pw --password $(cat ${rspamdSecretFile}))
-          echo "enable_password = \"$RSPAMD_PASSWORD_HASH\";" > ${rspamdSecretPath} 
-          chmod 770 "${rspamdSecretPath}" 
-        ''}"
-      ];
-    };
-  };
-
-  services.redis.servers.rspamd = {
-    enable = true;
-    port = 0;
-    user = config.services.rspamd.user;
-  };
-
-  security.acme = {
-    acceptTerms = true;
-    certs."${fqdn}" = {
-      inheritDefaults = false;
-      group = config.systemd.services.stalwart-mail.serviceConfig.Group;
-      dnsProvider = "cloudflare";
-      dnsResolver = "1.1.1.1:53";
-      server = "https://acme-v02.api.letsencrypt.org/directory";
-      validMinDays = 30;
-      email = "dachxy@${domain}";
-      extraDomainNames = [ domain ];
-      environmentFile = config.sops.secrets."cloudflare/secret".path;
-      postRun = ''
-        systemctl reload stalwart-mail
-      '';
-    };
-  };
-}

system/dev/dn-pre7780/sops/sops-conf.nix

@@ -32,9 +32,9 @@ in
         mode = "0660";
       };
     }
-    // (optionalAttrs config.services.stalwart-mail.enable (
+    // (optionalAttrs config.services.stalwart.enable (
       let
-        inherit (config.users.users.stalwart-mail) name group;
+        inherit (config.users.users.stalwart) name group;
         owner = name;
       in
       {

system/dev/dn-pre7780/utility/davinci-resolve.nix

@@ -1,5 +1,5 @@
 {
   imports = [
-    # ../../../modules/davinci-resolve.nix
+    ../../../modules/davinci-resolve.nix
   ];
 }

system/dev/dn-pre7780/utility/default.nix

@@ -1,8 +1,8 @@
 {
   imports = [
     ../../../modules/localsend.nix
-    ./airplay.nix
-    ./davinci-resolve.nix
+    # ./airplay.nix
+    # ./davinci-resolve.nix
     # ./blender.nix
   ];
 }

system/dev/dn-server/services/default.nix

@@ -1,4 +1,3 @@
-{ config, ... }:
 {
   imports = [
     ./actual-budget.nix
@@ -15,5 +14,6 @@
     ./dns.nix
     ./acme.nix
     ./ntfy.nix
+    ./homepage.nix
   ];
 }

system/dev/dn-server/services/dns.nix

@@ -102,7 +102,7 @@ in
       "192.168.100.0/24"
     ];
     dns.port = 5300;
-    yaml-settings = {
+    settings = {
       webservice.webserver = true;
       recordcache.max_negative_ttl = 60;
     };

system/dev/dn-server/services/homepage.nix

@@ -0,0 +1,194 @@
+{ config, ... }:
+let
+  inherit (config.networking) domain;
+  cfg = config.services.homepage-dashboard;
+in
+{
+  sops.secrets = {
+    "homepage" = {
+    };
+  };
+
+  services.homepage-dashboard = {
+    enable = true;
+    openFirewall = true;
+    listenPort = 8044;
+    environmentFile = config.sops.secrets."homepage".path;
+    allowedHosts = "www.${domain},${domain},localhost:${toString cfg.listenPort}";
+    docker = {
+      docker = {
+        socket = "/var/run/docker.sock";
+      };
+    };
+    widgets = [
+      {
+        search = {
+          provider = "duckduckgo";
+          target = "_blank";
+        };
+      }
+      {
+        datetime = {
+          text_size = "x1";
+          format = {
+            dateStyle = "short";
+            timeStyle = "short";
+            hour12 = true;
+          };
+        };
+      }
+    ];
+    services = [
+      {
+        "Files & Documents" = [
+          {
+            "Nextcloud" = {
+              icon = "nextcloud.svg";
+              description = "☁️ Cloud drive";
+              href = "https://${config.services.nextcloud.hostName}";
+              widgets = [
+                {
+                  type = "nextcloud";
+                  url = "https://${config.services.nextcloud.hostName}";
+                  key = "{{HOMEPAGE_VAR_NEXTCLOUD_NC_TOKEN}}";
+                }
+              ];
+            };
+          }
+          {
+            "Paperless" = {
+              icon = "paperless.svg";
+              description = "PDF editing, tagging, and viewing";
+              href = config.services.paperless.settings.PAPERLESS_URL;
+            };
+          }
+        ];
+      }
+      {
+        "VPN & IDP" = [
+          {
+            "Netbird" = {
+              icon = "netbird.svg";
+              description = "VPN Service: access internal services";
+              href = "https://${config.services.netbird.server.domain}";
+            };
+          }
+          {
+            "Keycloak" = {
+              icon = "keycloak.svg";
+              description = "Identity provider";
+              href = "https://${config.services.keycloak.settings.hostname}";
+            };
+          }
+        ];
+      }
+      {
+        "Monitor" = [
+          {
+            "Grafana" = {
+              icon = "grafana.svg";
+              description = "Show metrics!";
+              href = config.services.grafana.settings.server.root_url;
+            };
+          }
+          {
+            "Prometheus" = {
+              icon = "prometheus.svg";
+              description = "The web is not that useful 🥀";
+              href = config.services.prometheus.webExternalUrl;
+            };
+          }
+          {
+            "Uptime Kuma" = {
+              icon = "uptime-kuma.svg";
+              description = "Service health check";
+              href = "https://uptime.${domain}";
+            };
+          }
+        ];
+      }
+      {
+        "Utility" = [
+          {
+            "Vaultwarden" = {
+              icon = "vaultwarden-light.svg";
+              description = "Password manager";
+              href = config.services.vaultwarden.config.DOMAIN;
+            };
+          }
+          {
+            "PowerDNS" = {
+              icon = "powerdns.svg";
+              description = "DNS record management";
+              href = "https://powerdns.${domain}";
+            };
+          }
+          {
+            "Actual Budget" = {
+              icon = "actual-budget.svg";
+              description = "Financial budget management";
+              href = "https://actual.${domain}";
+            };
+          }
+          {
+            "Ntfy" = {
+              icon = "ntfy.svg";
+              description = "Notification service";
+              href = config.services.ntfy-sh.settings.base-url;
+            };
+          }
+        ];
+      }
+      {
+        "Games" = [
+          {
+            "Minecraft" = {
+              icon = "minecraft.svg";
+              description = "Minecraft servers";
+              widgets = [
+                {
+                  type = "minecraft";
+                  fields = [
+                    "players"
+                    "version"
+                    "status"
+                  ];
+                  url = "udp://mc.${domain}:${toString config.services.velocity.port}";
+                }
+              ];
+            };
+          }
+        ];
+      }
+
+    ];
+    settings = {
+      base = "https://www.${domain}";
+      headerStyle = "boxed";
+      title = "DN Home";
+      description = "Welcome! maybe?";
+      disableUpdateCheck = true;
+      providers = {
+
+      };
+      quicklaunch = {
+        searchDescriptions = true;
+        hideInternetSearch = true;
+        showSearchSuggestions = true;
+        hideVisitURL = true;
+        provider = "google";
+      };
+    };
+  };
+
+  services.nginx.virtualHosts."${domain}" = {
+    useACMEHost = domain;
+    forceSSL = true;
+    locations."/" = {
+      proxyPass = "http://127.0.0.1:${toString cfg.listenPort}";
+    };
+    serverAliases = [
+      "www.${domain}"
+    ];
+  };
+}

system/dev/dn-server/sops/secret.yaml

@@ -65,6 +65,7 @@ forgejo:
         password: ENC[AES256_GCM,data:dcIotYpgtdFLcunAB3ttlczzQ68=,iv:vH3rckAfntFAEtH3dolF7NCAdj142cAzre56x7oBdDA=,tag:TaxRn8g/TVloM60D6Ud0Jg==,type:str]
 velocity: ENC[AES256_GCM,data:PYGSXfivm7OyKhBMKPOVDs+efpcb0hhwCAxlT05pM+kg9t0lH4TEMuxBXFRs80LUiQx+CYXyw8UvBkkKwPEc,iv:PppenjXIQ+eirCor3PxT16r2S7wO8bww5v/RyjQh9MI=,tag:Dc3BzmyQcTwYsvWShQ/JqQ==,type:str]
 fabricProxy: ENC[AES256_GCM,data:srGYmqHgfkxAKKSjy9uGX1mQpE3N0rXb06MYiycbYESj/sZu/vjsPspvUdzTHHb9zkF5SWLWkmP6llIpimkss/dm7A1pGlagin3+,iv:yoWQdWeP9UjoRO5rJ9FQGbBu3iypIdXGrSDqBfFhw6w=,tag:+d/Tp/m3vENZAXJyHOMJEA==,type:str]
+homepage: ENC[AES256_GCM,data:SqRtz4xrwCTQulgFsRAgTcQNQZRyRes+K4UzlhQZW3GuAmQaRBIHJyFttgIQYDKlc21QAiM2zxa9IBOtGNpQAdkplUptaRTq0fZH/OYcNw==,iv:NLEiWjfPvsw2Tq+pqrIPy8pKlWFD8wVXt9TMH8Y8+jA=,tag:N91DrYQoYeyJ3AH3ujTI+g==,type:str]
 sops:
     age:
         - recipient: age17rjcght2y5p4ryr76ysnxpy2wff62sml7pyc5udcts48985j05vqpwdfq2
@@ -94,7 +95,7 @@ sops:
             OFloWEFuTC9GTXJsMG5NNktmdmIrY1kK0yN0ae0xNaydujV5lt2FiwXdyursG0DK
             9i/B3TTAm9csDMMSTSFbiAUJDzG7kIqn++JU/cxvsGScSnhMqjEK/g==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2026-01-20T06:31:45Z"
-    mac: ENC[AES256_GCM,data:ad8EP8zk6mxlmMZaEijW0NWF72y2EikJPct7qxiCp6/sWGKKrGv8mRnC1zahgpRqpGR0jZKQ8Ot204EdGrJF9WI03+ZB9GgKi9ipQvXlGOCJq6m/Mp6WygI2hFAzRKCeoPqAPjVQxQ3Ctt/WEYXzvEp7CIKUq7WD6gTEFk6FDg0=,iv:20rJb79QnUW0DFbXTr0XXjiXjm7bK0CVs4oVan5SAKw=,tag:+mnMTBYQ1fhwe/abwGYNOA==,type:str]
+    lastmodified: "2026-01-30T04:08:29Z"
+    mac: ENC[AES256_GCM,data:egK9zlAccBV2IeJ+DYTP3AKQUUMFPmts8eZMilQlyh+EE/oXhNnKeKkmNg9h1RwoZ6zh0LRDsyjubCc06PI/wVx2lJ0JfPs4bt6PckC1hZglRSHHjmocyx1eF5bMVfBLmluDzQ3Zms1Ryvuh+M+EjtdhttBljAIb0JIRx8Wzwks=,iv:wWrRiOvzZDboZSMgTzmbVVWzpSIhLdlgxgUIFXCFet0=,tag:YLBtLivKLBvByyfm4PbVXQ==,type:str]
     unencrypted_suffix: _unencrypted
     version: 3.11.0

system/dev/public/dn/common.nix

@@ -27,6 +27,16 @@ in
         };
         workspaces."game" = { };
         window-rules = [
+          # Wine systray
+          {
+            matches = [
+              {
+                title = "^$";
+                app-id = "^steam_app_(.*)$";
+              }
+            ];
+            open-fullscreen = false;
+          }
           # Steam Game Fullscreen
           {
             matches = [
@@ -68,5 +78,8 @@ in
           }
         ];
       };
+      wayland.windowManager.mango.settings = ''
+        xkb_rules_options = caps:escape
+      '';
     };
 }

system/dev/skydrive-lap/default.nix

@@ -11,8 +11,7 @@ in
     inherit hostname username;
     domain = "net.dn";
     enableHomeManager = true;
-    hyprland.enable = false;
-    niri.enable = true;
+    windowManager = "niri";
     face = pkgs.fetchurl {
       url = "https://git.dnywe.com/dachxy/skydrive-avatar/raw/branch/main/skydrive.jpg";
       hash = "sha256-aMjl6VL1Zy+r3ElfFyhFOlJKWn42JOnAFfBXF+GPB/Q=";